In this episode, we discuss the pros and cons of using serverless architecture in enterprise companies. We cover topics like cost, complexity, security, ability to evolve architecture, and more. Overall, we find that serverless can provide benefits like reduced operational costs, improved developer productivity, and increased focus on core business logic for larger companies.

AWS Bites is sponsored by fourTheorem, an Advanced AWS partner that works collaboratively with you and sets you up for long-term success on AWS. Find out more at fourtheorem.com

In this episode, we mentioned the following resources:

- Yan Cui - “Even simple serverless applications have complex architecture diagrams”, so what?

- Dark Matter Developers: The Unseen 99%

- Deloitte - Determining the Total Cost of Ownership of Serverless Technologies when compared to Traditional Cloud (PDF)

- Generating Value Through IT Agility and Business Scalability with AWS Serverless Platform (Gated Link)

Do you have any AWS questions you would like us to address?

Leave a comment here or connect with us on X/Twitter: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠⁠⁠

In this episode, we discuss why IAM users and long-lived credentials are dangerous and should be avoided. We share war stories of compromised credentials and overprivileged access. We then explore solutions like centralizing IAM users, using tools like AWS Vault for temporary credentials, integrating with AWS SSO, and fully eliminating IAM users when possible.

💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem. If you are looking for a partner to architect, develop and modernise on AWS, give fourTheorem a call. Check out ⁠⁠https://fourtheorem.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

In this episode, we mentioned the following resources:

• Episode 118 "The landing zone: Managing multiple AWS accounts": https://awsbites.com/118-the-landing-zone-managing-multiple-aws-accounts/
• Episode 96: "AWS Governance and Landing Zone with Control Tower, Org Formation, and Terraform" https://awsbites.com/96-aws-governance-and-landing-zone-with-control-tower-org-formation-and-terraform/
• Datadog Security Report (IAM stats): https://www.datadoghq.com/state-of-cloud-security/
• Credentials provider chain in the JavaScript SDK: https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/setting-credentials-node.html
• Credentials provider chain in the AWS CLI: https://docs.aws.amazon.com/cli/v1/userguide/cli-chap-authentication.html
• Episode 45 "What’s the magic of OIDC identity providers?": https://awsbites.com/45-what-s-the-magic-of-oidc-identity-providers/
• Episode 112 "What is a Service Control Policy (SCP)?": https://awsbites.com/112-what-is-a-service-control-policy-scp
• Episode 115 "What can you do with Permissions Boundaries?": https://awsbites.com/115-what-can-you-do-with-permissions-boundaries/

Do you have any AWS questions you would like us to address?

Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠⁠⁠

In this special episode of AWS Bites, Eoin is joined by Fiona McKenna, co-founder and CFO of fourTheorem, to discuss startup advice, hiring and growing teams, creating an environment for success, and managing cloud costs. They cover important themes around people, culture, leadership, and finance from Fiona's extensive experience in the tech industry. 💰 SPONSORS 💰 AWS Bites is sponsored by fourTheorem, an Advanced AWS partner that works collaboratively with you and sets you up for long-term success on AWS. Find out more at https://fourtheorem.com. 🔖 Chapters: 00:00 Intro 02:28 Advice on hiring and growing teams 06:00 Challenges in recruiting the right people 09:06 Advice for startups growing from small to large teams 12:53 More general advice for startups 18:25 Are cloud economics understood by CFOs and finance leaders? 21:42 Advice for large companies migrating to the cloud 25:35 Tips for starting an AWS consultancy 28:32 Closing notes Find Fiona on LinkedIn: https://www.linkedin.com/in/fiona-mc-kenna-174172a2 Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter: - https://twitter.com/eoins - https://twitter.com/loige

In this episode, we provided an overview of GitHub Action Runners and discussed the benefits of using self-hosted runners on AWS. We covered options including EC2 and CodeBuild for running GitHub Actions, compared pricing across solutions, and shared our hands-on experience setting things up. Overall, using AWS services can provide more control, lower latency, and cost optimization compared to GitHub hosted runners.

💰 SPONSORS 💰 AWS Bites is sponsored by fourTheorem, an Advanced AWS partner that works collaboratively with you and sets you up for long-term success on AWS. Find out more at ⁠fourtheorem.com⁠.

The source code for the project we discussed is available on GitHub: ⁠fourTheorem/codebuild-gha-runners⁠!

In this episode, we mentioned the following resources.

1. ⁠Cloudonaut - Self-Hosted GitHub Runners on AWS⁠
2. ⁠AWS: Best Practices for Working with Self-Hosted GitHub Action Runners at Scale on AWS⁠
3. ⁠GitHub - philips-labs/terraform-aws-github-runner⁠
4. ⁠GitHub - garysassano/cdktf-aws-codebuild-github-runners-organization⁠
5. ⁠GitHub - machulav/ec2-github-runner⁠
6. ⁠AWS CodeBuild Managed Self-Hosted GitHub Action Runners⁠
7. ⁠HyperEnv - Self-hosted GitHub runners on AWS⁠
8. ⁠RunsOn - Self-hosted runners on AWS⁠
9. ⁠Actions Runner Controller for Kubernetes⁠
10. ⁠Biome⁠
11. ⁠SLIC Watch⁠

Do you have any AWS questions you would like us to address?

Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠⁠⁠

In this episode, we discuss the concept of CloudFormation drift, what causes it, how to detect it, and strategies for resolving it. We explain that drift happens when the actual state of resources diverges from what is defined in the CloudFormation templates. Common causes include manual changes, third party tools, mixing IaC solutions, and automation. We then cover built-in drift detection in CloudFormation and integrating it with alarms. Finally, we suggest approaches for reconciling drift like change sets, deletion protection, and bringing up parallel stacks.

💰 SPONSORS 💰 This episode of AWS Bites is brought to you by fourTheorem. Need to modernize your infrastructure or build scalable cloud solutions? fourTheorem brings the experience to build high-quality, maintainable, and scalable cloud applications that evolve with your business needs. Visit ⁠https://fourtheorem.com⁠⁠⁠⁠⁠⁠⁠⁠⁠ to see how we can help take your cloud journey to the next level.

In this episode, we mentioned the following resources:

• Ep 31 - CloudFormation or Terraform: https://awsbites.com/31-cloudformation-or-terraform/
• Ep. 121 - 5 Ways to extend CloudFormation: https://awsbites.com/121-5-ways-to-extend-cloudformation/
• Automatic Drift detection (AWS tutorial): https://aws.amazon.com/blogs/mt/implementing-an-alarm-to-automatically-detect-drift-in-aws-cloudformation-stacks
• Ep. 11 - How do you move away from the management console: https://awsbites.com/11-how-do-you-move-away-from-the-management-console/

Do you have any AWS questions you would like us to address?

Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠⁠⁠

In this episode, we had the pleasure to interview Farrah Campbell, head of modern compute community at AWS, prolific speaker, and former AWS Hero. We discussed Farrah's career journey from healthcare into tech, tips on public speaking, dealing with imposter syndrome, the pace of innovation in the cloud, and predictions for the future. Farrah shared personal stories and advice for getting started in tech and being an active member of the community. It was inspiring to hear from someone so passionate about helping others learn and grow.

💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem. If you are looking for a partner to architect, develop and modernise on AWS, give fourTheorem a call. Check out https://fourtheorem.com⁠⁠⁠⁠⁠ .

In this episode, we mentioned the following resources:

• Farrah's favourite AWS Bites episode with Jeremy Daly: https://awsbites.com/102-getting-ampt-with-jeremy-daly/
• Farrah on X (Twitter): https://x.com/FarrahC32
• Farrah on Linkedin: https://www.linkedin.com/in/farrahcampbell/

Do you have any AWS questions you would like us to address?

Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠⁠⁠

In this episode, we discuss AWS Lambda provisioned concurrency. We start with a recap of Lambda cold starts and the different concurrency control options. We then explain how provisioned concurrency works to initialize execution environments in advance to avoid cold starts. We cover how to enable it, pricing details, common issues like over/under-provisioning, and alternatives like self-warming functions or using other services like ECS and Fargate.

💰 SPONSORS 💰 This episode of AWS Bites is powered by fourTheorem. Whether you're looking to architect, develop, or modernize on AWS, fourTheorem has you covered. Ready to take your cloud game to the next level? Head to ⁠⁠⁠⁠https://fourtheorem.com⁠⁠⁠⁠⁠ to check out our in-depth articles, and case studies, and see how we can help transform your AWS journey.

In this episode, we mentioned the following resources:

• Episode 60: "What is AWS Lambda": https://awsbites.com/60-what-is-aws-lambda/
• Episode 104: "Explaining AWS Lambda Runtimes": https://awsbites.com/104-explaining-lambda-runtimes/
• Episode 108: "Solving Lambda Cold Starts in Python": https://awsbites.com/108-how-to-solve-lambda-python-cold-starts/
• Episode 120: "Lambda Best Practices": https://awsbites.com/120-lambda-best-practices/
• AWS Lambda Concurrency Explained by James Eastham: https://www.youtube.com/watch?v=KHACnNKTefI
• Provisioned Concurrency pricing: https://aws.amazon.com/lambda/pricing/#Provisioned_Concurrency_Pricing
• Less than 1% of invocations are cold-starts (statement): https://docs.aws.amazon.com/lambda/latest/operatorguide/execution-environments.html
• Middy Warmup Middleware: https://middy.js.org/docs/middlewares/warmup/
• Lambda speculative warm-up init (mention in the Docs): https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtime-environment.html#:~:text=For%20functions%20using,on%20this%20behavior.
• Episode 64: "How do you write Lambda Functions in Rust": https://awsbites.com/64-how-do-you-write-lambda-functions-in-rust
• Episode 128: "Writing a book about Rust and Lambda": https://awsbites.com/128-writing-a-book-about-rust-and-lambda/

Do you have any AWS questions you would like us to address?

Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠⁠⁠

In this episode, we discuss Luciano's new book project on using Rust to write AWS Lambda functions. We start with a recap on why Rust is a good fit for Lambda, including performance, efficiency, safety, and low cold start times. Luciano provides details on the book's progress so far, the intended audience, and the current published chapters covering Lambda internals, getting started with Rust Lambda, and building a URL shortener app with DynamoDB. We also explore the differences between traditional publishing and self-publishing, and why Luciano chose the self-publishing route for this book. Luciano shares insights into the writing process with AsciiDoc, code samples, SVG image generation, and using Gumroad for distribution. He invites feedback from listeners who have experience with Rust and Lambda.

💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem. If you are looking for a partner to architect, develop and modernise on AWS, give fourTheorem a call. We have also been working with some of our customers to rewrite some of their most used Lambda functions in Rust, greatly reducing cost and improving performance. If all of this sounds interesting, check us out at ⁠⁠⁠https://fourtheorem.com⁠⁠⁠

In this episode, we mentioned the following resources:

• Our previous episode "64. How do you write Lambda Functions in Rust?": https://awsbites.com/64-how-do-you-write-lambda-functions-in-rust
• Crafting Lambda Functions in Rust book's website: https://rust-lambda.com/
• The official Rust book (available for free): https://doc.rust-lang.org/book/
• James Eastham awesome YouTube channel: https://www.youtube.com/@serverlessjames
• AI as a Service book: https://www.manning.com/books/ai-as-a-service
• Node.js Design Patterns book: https://www.nodejsdesignpatterns.com/
• Liran Tal's awesome AsciiDoc book starter template: https://github.com/lirantal/asciidoc-book-starter

Do you have any AWS questions you would like us to address?

Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠⁠⁠

An overview of load balancers, explaining how they distribute traffic across multiple servers and provide high availability. We discuss layer 4 and layer 7 load balancers, detailing their pros and cons. We then focus on AWS load balancers, covering network load balancers and application load balancers in depth, including their features, use cases, and pricing models. We conclude by mentioning some alternatives to AWS load balancers.

💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem an AWS consulting partner with tons of experience with AWS. If you need someone to help you with your ambitions AWS projects, check out ⁠⁠https://fourtheorem.com⁠⁠

In this episode, we mentioned the following resources:

• Our previous episode "88. What is VPC Lattice?": https://awsbites.com/88-what-is-vpc-lattice/

Do you have any AWS questions you would like us to address?

Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠⁠⁠

This episode discusses solutions for securely accessing private VPC resources for debugging and troubleshooting. We cover traditional approaches like bastion hosts and VPNs and newer solutions using containers and AWS services like Fargate, ECS, and SSM. We explain how to set up a Fargate task with a container image with the necessary tools, enable ECS integration with SSM, and use SSM to start remote shells and port forwarding tunnels into the container. This provides on-demand access without exposing resources on the public internet. We share a Python script to simplify the process. We suggest ideas for improvements like auto-scaling the container down when idle. Overall, this lightweight containerized approach can provide easy access for debugging compared to managing EC2 instances.

💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem an AWS consulting partner with tons of experience with AWS. If you need someone to help you with your ambitions AWS projects, check out ⁠https://fourtheorem.com⁠

In this episode, we mentioned the following resources:

• Our previous episode "78. When do you need a bastion host?": https://awsbites.com/78-when-do-you-need-a-bastion-host
• Basti - Securely connect to RDS, Elasticache, and other AWS resources in VPCs with no idle cost: https://github.com/basti-app/basti
• Our gist with a Python script you can adjust to your needs: https://gist.github.com/eoinsha/157f6d869d0033f80a8da5757e8781f7

Do you have any AWS questions you would like us to address?

Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠⁠⁠

In this episode, we discuss the newly announced CloudFront Hosting Toolkit from AWS. We provide an overview of the tool, which aims to simplify deploying modern front-end applications to AWS while retaining infrastructure control. We discuss the current capabilities and limitations and share our hands-on experiences trying out the tool. We also talk about alternatives like Vercel and Amplify, and the tradeoffs between convenience VS control. Overall, the toolkit shows promise but is still early-stage. We are excited to see it evolve to support more frameworks and use cases.

💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem an AWS consulting partner with tons of experience with AWS. If you need someone to help you with your ambitions AWS projects, check out https://fourtheorem.com

In this episode, we mentioned the following resources:

• CloudFront Hosting Toolkit official announcement: https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-cloudfront-hosting-toolkit/
• Previous episode "80. Can you do private static websites on AWS?": https://awsbites.com/80-can-you-do-private-static-websites-on-aws/
• Previous episode "3. How do you deploy a static website on AWS?": https://awsbites.com/3-how-do-you-deploy-a-static-website-on-aws/
• CloudFront functions: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-functions.html
• CloudFront Key-Value Store: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/kvs-with-functions.html
• Sandro Volpicella's article on CloudFront Hosting Toolkit: https://blog.awsfundamentals.com/cloudfront-hosting-toolkit
• Open Next: https://open-next.js.org/
• Coolify: https://coolify.io/

Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠⁠⁠